Digital technologies are transforming the way people access banking services, as well as turning digital banking fraud into a fast-growing global industry. But huge regulatory changes are also approaching that will create new potential threats to bank security and give banks wider liabilities for fraudulent transactions on their customers’ accounts.
In early 2018, the European Union's second Payment Services Directive (PSD2) came into force, alongside the Open Banking competition remedies imposed in parallel by the UK's Competition and Markets Authority on the country's nine largest banks. These two measures will oblige banks to facilitate the sharing of highly confidential data with third-party service providers via Open Application Program Interfaces (APIs). For banks that have historically concentrated above all on protecting their customers' data and ensuring confidentiality, the PSD2/Open Banking rules represent a significant challenge: provided customers give their consent, banks must enable third parties to access the customer's transaction history and to initiate direct payments from their accounts to pay for goods and services.
This should result in a wide range of new and innovative banking and financial services that will deliver great value to customers. But the arrival of Open Banking will also create additional opportunities for digital banking fraud at a time when banks are already locked in an escalating arms race against digital fraudsters with access to ever more sophisticated tools.
Under the PSD2/Open Banking regime, banks will be liable for unauthorized transactions that take place on customers’ accounts through Open APIs. They will therefore have to verify that any apparent consent from a customer for their data to be shared or for a payment to be initiated is genuine; failure to do so will create a liability under PSD2 for any losses the customer suffers.
However, the security challenge for banks will change fundamentally, because in an Open Banking market customers will not necessarily have to log into their bank's digital services to carry out transactions. Instead, they will be able to give their consent to a third-party provider that will then initiate a payment from their account via an API. This will reduce the amount of data that the bank can use to judge whether any individual transaction is legitimate. Banks will therefore need to look at the profiles and behaviors of customers at the individual level and to fast-track the development of real-time anti-fraud systems that can detect and prevent Open Banking fraud.
Open Banking comes with opportunities as well as challenges. The key is to know the risks, where cyber fraud happens, and how to prevent it. In our latest eBook on digital banking fraud, we've outlined the risks, case studies, and best practices for a tech-led solution.